Solved

Hacked - need info

Posted on 2002-05-13
Last Modified: 2010-04-13
Below is a snippet of my logs. I believe somebody is trying to hack into my server. I'm not sure if it succeeded or not.

My server is denying them access to the files requested by reporting error 404. What is error 500?

What about the default.ida? What is an .ida file?

Thanks.

~~~~~~

#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2002-05-09 06:11:49
#Fields: time c-ip cs-method cs-uri-stem sc-status
06:13:41 202.98.62.200 GET /scripts/root.exe 404
06:13:42 202.98.62.200 GET /MSADC/root.exe 404
06:13:44 202.98.62.200 GET /c/winnt/system32/cmd.exe 404
06:13:44 202.98.62.200 GET /d/winnt/system32/cmd.exe 404
06:13:46 202.98.62.200 GET /scripts/..%5c../winnt/system32/cmd.exe 404
06:13:46 202.98.62.200 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
06:13:47 202.98.62.200 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
06:13:47 202.98.62.200 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe 500
06:13:48 202.98.62.200 GET /scripts/..Á../winnt/system32/cmd.exe 404
06:13:48 202.98.62.200 GET /scripts/winnt/system32/cmd.exe 404
06:13:49 202.98.62.200 GET /winnt/system32/cmd.exe 404
06:13:49 202.98.62.200 GET /winnt/system32/cmd.exe 404
06:13:51 202.98.62.200 GET /scripts/..%5c../winnt/system32/cmd.exe 404
06:13:51 202.98.62.200 GET /scripts/..%5c../winnt/system32/cmd.exe 404
06:13:52 202.98.62.200 GET /scripts/..%5c../winnt/system32/cmd.exe 404
06:13:52 202.98.62.200 GET /scripts/..%2f../winnt/system32/cmd.exe 404
08:23:22 202.111.154.51 GET /default.ida 200
Question by:jchew
6 Comments

Author Comment

by:jchew
ID: 7005994
BTW, just FYI, I'm using Windows 2000 Professional with IIS. I constantly check for updates at the MS Update site and have applied all the latest SPs.
LVL 32

Accepted Solution

by:
jhance earned 200 total points
ID: 7006037
This is NIMDA probing your system.  But you're mostly OK.  If the response is 4XX or 500, it's a FAILURE and nothing happened.

But you have the default.ida in place:

>>>08:23:22 202.111.154.51 GET /default.ida 200

FIX THIS NOW.  You don't need this file anyway, just DELETE it.

Be sure you are up to date on all Microsoft HotFixes for your version of Windows.
LVL 11

Expert Comment

by:geoffryn
ID: 7006498
I agree with jhance.  The fact that your server returned 200 for default.ida is a BAD thing.  This just looks like a probe, if the log entry had looked like this:

08:23:22 202.111.154.51 GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 200


Then you might have a serious problem.
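The triage rule jhance and geoffryn apply above (4xx/500 on a probe means nothing ran; 200 on /default.ida means the sample file is exposed; 200 with a query string means a payload reached it) as an added detection script, not code from the original thread. The log text, the pattern list and the verdict names are constructed assumptions; the rows are adapted from the posted IIS 5.0 log.

```python
import re

# Constructed sample in the IIS 5.0 W3C extended format used in the question;
# rows adapted from the posted log plus one line in the shape geoffryn describes.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Fields: time c-ip cs-method cs-uri-stem sc-status
06:13:41 202.98.62.200 GET /scripts/root.exe 404
06:13:46 202.98.62.200 GET /scripts/..%5c../winnt/system32/cmd.exe 404
06:13:47 202.98.62.200 GET /msadc/..%5c../..%5c../winnt/system32/cmd.exe 500
08:23:22 202.111.154.51 GET /default.ida 200
08:25:10 202.111.154.51 GET /default.ida?XXXXXXXXXXXXXXXX 200
"""

# Request shapes seen in the posted probe: root.exe / cmd.exe lookups and
# percent-encoded ".." traversal. This is a detection heuristic, nothing more.
PROBE_PATTERNS = [
    re.compile(r"/(root|cmd)\.exe$", re.I),
    re.compile(r"\.\.%[0-9a-f]{2}", re.I),
]
IDA_PATTERN = re.compile(r"/default\.ida(\?|$)", re.I)


def parse_w3c(text):
    """Parse W3C extended log text into dicts keyed by the #Fields header names."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split())))
    return rows


def classify(row):
    """Verdict for one request, following the reasoning in the accepted answer."""
    uri, status = row["cs-uri-stem"], int(row["sc-status"])
    if IDA_PATTERN.search(uri):
        if status != 200:
            return "probe-failed"       # the .ida file was not served
        return "critical" if "?" in uri else "high"
    if any(p.search(uri) for p in PROBE_PATTERNS):
        return "probe-failed" if status >= 400 else "critical"
    return "benign"


def triage(text):
    """Return (client ip, uri, verdict) for every row that is not benign."""
    return [(r["c-ip"], r["cs-uri-stem"], classify(r))
            for r in parse_w3c(text) if classify(r) != "benign"]


if __name__ == "__main__":
    for ip, uri, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:13} {ip:16} {uri}")
```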

Author Comment

by:jchew
ID: 7007520
I tried the following

http://my.server/default.ida

and got the following reply

The IDQ file default.ida could not be found.

Does this mean I'm safe? I have updated my Win2K with all the MS critical updates.

BTW, can you please tell me what an .ida file is?

Thanks.
LVL 32

Expert Comment

by:jhance
ID: 7007566
It's a sample file that is included with IIS.  It is NOT needed for normal IIS web site operations and it is a known security risk.  Delete the file and be safe.

Author Comment

by:jchew
ID: 7007602
Thanks for the info...
